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Abstract 



^""^ , \\V study Mac application of Tuplix ('alcnlns in modular Hiiani-ial Imd- 

get design. We formalize organizational structure using financial transfer 
networks. We consider the notion of flux of money over a network, and a 
way to enforce the matching of influx and outflux for parts of a network. 
We exploit so-called signed attribute notation to make internal streams 
^ visible through encapsulations. Finally, we propose a Tuplix Calculus 

construct for the definition of data functions. 
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1 Introduction 



In [3] we described the application of Tuplix Calculus (TC, see [6 ) in the formal- 
ization of financial budgets. Here, we explore this application further starting 
with the definition of financial transfer networks. We consider the notion of flux 
of money over a network, and define a flux constraint operator that enforces 
matching influx and outflux for units. We exploit so-called signed attribute 
notation to make internal streams visible through encapsulations. Finally, we 
propose a Tuplix Calculus construct for the definition of data functions. We 
assume familiarity with Tuplix Calculus; its syntax and axioms are collected in 
Appendix [Bj 

2 Financial Transfer Networks 

Implicit starting point in the modular budget design in [3] is the assumption 
of an underlying (organizational) structure: tuplix expressions specify budgets 
for certain parties, and by composition we obtain budgets for larger parts (of 
an organization). Of importance is also the identification of attributes, that 
are used in the specification of payments between parts, or between parts and 
external parties. 

Example 1. As a simple example, consider an organization consisting of parts 
P and Q, and assume that attribute a is used to specify payments between these 
parts. Using the names P and Q also as tuplix meta-variables, we define 

P = o(10), Q = o(-10). 

So, P will pay amount 10, while Q intends to receive amount 10. When we com- 
pose P and Q, expressed as <9{ a }(-P(D Q), these entries synchronize successfully. 

We find it worthwhile to introduce a mathematical format for organizational 
structures. We define a financial transfer network (FTN) as a set of units with 
in-going and outgoing channels: a channel is a directed link between units, or 
between a unit and an external party, that is labeled with an attribute. Labels 
of in-going channels of a unit are used in the specification of payments to the 
unit, and the labels of outgoing channels are used to specify payments made 
by the unit. We require that any channel is in-going for at most one unit and 
outgoing for at most one unit. 

Definition 1. An FTN consists of: 

1. a set Attr of attributes; 

2. a set Unit of units; 

3. a function in : Unit — > 2 Attr ; 

4. a function out : Unit — > 2 Attr : 
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such that for all distinct g, h € Unit, in(g) n in(h) = and out(g) n out(h) = 0. 

An attribute a is internal if there are units g,h €z Unit with a G D 
out(h). An attribute is external if it is not internal. 

An FTN can be depicted in a graph-like manner, with units as nodes, and 
arrows (called channels) labeled with attributes between units, or between a 
unit and an external party. Because an attribute of an FTN can be the label 
of at most one channel, we shall also speak of the channel a, rather than the 
channel labeled with attribute a. A channel is internal if its label is internal; 
this is the case if it connects units of the network, see the following example. 

Example 2. Consider the FTN with Attr — {a, b, c}, Unit = {g, h}, and 

in(g) — {a}, out(g) — in{h) — {6}, in(h) = {c}. 
This network is depicted as 




The channels a, c are external, b is internal. 

Given an FTN, a specification of a unit g is a tuplix expression P g that uses 
only the elements of in(g) U out(g) as attributes. 

Example 3. This example is a shortened, simplified version of the example 
presented in [3] . We have added the presentation of the organizational structure 
as an FTN. 

We consider an FTN as depicted in the following picture: 



S 




The units and their specifications (for a given period of time, e.g., the cal- 
endar year 2008): 

• S is a financial source that rewards production: for each product that is 
produced, a constant reward rew is allocated to unit Q. For production 
unit Pi (see below) the data variable rij stands for the number of products 
produced by Pi during the period that is covered. 

Specification: 

S = a(rew ■ (n\ + 712)). 

• The control unit Q will dispatch the rewards to the production units after 
deduction of a fixed fraction k (a value between and 1) that is paid via 
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c to an external service center. It further distributes the remainder of the 
rewards equally among the production units: 

Q = EX-*)a> 

c(k ■ x) 

(l-fc)-(6i(x/2) 062(1/2))). 

• The production units Pj, for i = 1,2, receive money from Q via 6j and 
pay for their expenses via rfj (in this simplified example, these units act 
as serial buffers only, that is, they simply pass on what they receive): 

p i = Y, x {h{-x)®di{x)). 

A combined budget B is specified by the encapsulated composition of these 
specifications: 

B = d {aMM} (S(DQ(DP 1 (DP2). 

The encapsulation enforces synchronization on the internal channels and then 
hides these internal streams (in Section[3]we elaborate on the notion of streams). 
We find (see Appendix [Al for the derivation): 

B = J2 x (l( x = rew ' ( n i + n ?)) ® 
c(k ■ x) 

(1-k) ■ (di(x/2)©da(x/2))). 

Alternatively, we may redefine Q so that it pays the production units pro- 
portionally to their contribution to the total production: 

c(k ■ x) 

(1 - k) ■ x ■ (bx(ni/(ni + n 2 )) b 2 (n 2 /{n 1 + n 2 )))). 
Then we find, for the combined budget: 

B = c(k ■ rew ■ (rii + 712)) (1 — k) ■ (d\{rew ■ ni) d,2{rew ■ 112)) 
with a similar derivation. 

3 Flux over a Network 

Unit specifications of an FTN can be thought of as determining an unrealized 
flux over the internal channels of a network. Take for instance the channel 



We speak of a stream over a, when the total amounts specified for a by g and 
by h match (that is, add up to zero). We then also say that g has outflux 
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over a and h has influx over a. When there is no match, there is no flux; the 
flux is realized when we compose unit specifications, and encapsulation over the 
internal attributes is successful. 
A very simple example: consider 

9 — * h 

with specifications P g = a(t) and Ph = a{—s). We say that g has outflux of size 
t along a, and that h has influx of size s along a. If the outflux of g along a 
matches the influx of h along a, that is, if t equals s, then there is a stream of 
this size from g to h. This matching corresponds to the success of encapsulation 
of the composed unit specifications: we find 

d {a} (P g (DP h )=~/(t = s). 

This encapsulation reduces to an equality test; unsuccessful encapsulation yields 
the null tuplix 6. Note that encapsulation hides the internal transactions; in 
Section [4] we look at a way to make successful internal transactions (i.e., flux) 
of units visible. 

Flux dynamics comes into play with generalized alternative composition 
(summation) over amounts. For example, redefine Ph so that it will receive 
any amount, and send this along: 

P g =a(t), P h =E x a{-x)®K%)' 
then we find that successful encapsulation determines the outflux of h: 

d {a} (Pg®P h )=b(t). 

Working with this perspective we find it natural to be able to require for 
certain units that 'what goes in also comes out.' For example, specify that h 
will receive any amount along a and will transfer any amount along b: 

p g = a(t), P h = Y,X-x)®Y,yKy)- 

Encapsulation over a will enforce the transfer of amount t along a, and an 
additional requirement that the total flux of h equals zero would turn h into a 
serial buffer that forwards amount t along b. 

We define a unary flux constraint operator that does exactly this: it adds 
to its argument the constraint that its total flux equals zero. This operator 
(written K, after Kirchhoff) is defined as follows: 

K{X) = K (X) (1) 

K t (S) = S (2) 

Kt{e) = l{t) (3) 

Kt(f(x)(DX) = 1 {x)®K t {X) (4) 

K t (a(x) ®X) = a(x) © K t+x {X) (5) 

K t (X + Y) = K t {X)+K t (Y) (6) 

Kt(E x P) = E x (Kt(P)) x?FV(t) (7) 
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Figure 1: Reserve buffers example 



Example 4. We define periodic specifications for a unit Q and a reserve R. The 
unit Q receives income from and has expenditures to external parties. Every 
period it withdraws a fixed amount from R, and it reserves a fixed percentage 
of its income to the reserves of the next period. Any reserves that are not 
withdrawn are transferred to the next period. The flux constraint operator is 
used to enforce this transfer of reserves, ft is also applied to Q so that it will 
spend any income that is not reserved. 

We make this more precise. We define Q n and R n for the unit Q and the 
reserve R in period n. The following attributes are used: 

• cin+i for the transfer from R n to R n +i 

• b n +i for the reservation from Q n to R n +i 

• c n for the withdrawal from R n by Q n 

• d n for the external income of Q n 

• e„ for the external expenditures of Q n 

The network is depicted in Figure [TJ 
Define 

Rn = K iI2u,vAu,x a n{~ u ) CD b n (-v) <X> c n (w) CD a n+ \(xj) 
which can be rewritten to 

R n = J2 u .v,w,x"f( u + v = w + x)(D a n (-u) b n (-v) (D c n (w) CD a n+1 (x). 
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In the specification of Q„ we use the free data variables pw (periodic with- 
drawal), inc n (income in period n), and k (reserve fraction, a value between 
and 1). Define 

Q n = K(J2 u c n (-pw) CD d n (-inc n ) b n+ i(k ■ inc n ) e n (u)) 
= J2 u l( u = pw + (l-k) ■ inc n ) 

c n (-pw) CD d n (-inc n ) CD b n+1 (k ■ inc n ) CD e„(u) 
= c n (-pw) d n {~inc n ) CD • Wic„) CD e n (pw + (1 - fc) • inc„) 

Define 

P« = #ff B (Qo CD • ■ ■ Q Qn CD i? CD • ■ ■ CD P„+i) 

where 

If„ = {oi+i, bi+i, C{ < i < n}. 
For Po and Pi we find (see derivations in Section [XJ: 

^0 C^-ju,v,w ,x 

oq(-u) CD 6 (-u) CD 

do(— inco) eo(pw + (1 — k) ■ into)) 
ci(tu) a 2 (x)), 

a (—u) &o(-v) 
do(— inco) e (pw + (1 — fc) • mco) 
<£l(— mci) ei(pw + (1 — fc) • inci) 
c 2 (w) a 3 (x)), 

and this generalizes to 

P = K(Y^ 

a {-u) (Dbo(-v) 
c n+1 (w) a„ +2 (a;)) 

(Dj=o,..., n di(-ina) e,(pw + (1 — fc) • me,)). 

4 Visualizing Internal Streams 

In an FTN with unit specifications we speak of an internal stream over a channel, 
if encapsulation over that channel is successful (does not yield the null tuplix 
5). In an encapsulation 

P = d ff (P o 0---0Pfc) 

of unit specifications Pi, all information on internal streams is lost, that is, due 
to the encapsulation no entries with attributes from H occur in P. Still, it may 
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be useful to see the internal streams of a unit under influence of composition 
and encapsulation. We shall exploit signed attribute notation to retain focus on 
encapsulated specifications: we add copies of internal entries that will remain 
visible after encapsulation. 



Signed Attribute Notation 

So far we have used flat attribute notation for entries: for a unit g, if a S in(g), 
then an entry a(t) is interpreted as influx of amount —t to g, and if a G out(g), 
then a(t) is interpreted as outflux of amount t from g. The notation is neutral 
in this respect (and this is the basis for the definition of encapsulation). 

An alternative is signed attribute notation: for attribute a, assume fresh 
attributes —a, +a, and write —a(t) for influx of amount t, and +a(t) for outflux 
of amount t. We have not defined encapsulation for this notation. 

Clearly, tuplix expressions in signed attribute notation can be transformed 
to flat attribute notation by replacing entries +a(t) by a(t), and — a(t) by a(—t). 
Vice versa, for a given unit g, transform a(t) to —a(—t) if a G in(g), and to +a(t) 
if a e out(g). 



Combined Flat and Signed Attribute Notation 

For a unit g and a set of (internal) attributes H , the mapping will add a 
signed copy of internal entries of g in a specification using flat attribute notation. 



QMS) = 6 (8) 

C g , H (e)=e (9) 

C 5 ,f(7W)=7W (10) 

!+o(x) CD a(x) if a € ou£(#) n H 

-a(-x) Q a(x) iia€in(g)C\H (11) 
a(x) otherwise 

( g , H (X®Y) = ( g MX)®( g ,H(Y) (12) 

( 9!ff (xir) = ( 9 , fl (i)K 9 , fl (r) (13) 

C 9 ME x x) = Z x < 9 ,h{x) (1 4 ) 



The resulting specification combines flat and signed attribute notation. 



Encapsulation 

Assume we have units go,---,9k with corresponding specifications Po, ■ ■ . , Pk, 
and we want to see what composition and encapsulation with Pi, . . . , P^ do 
to P . Let H be the set of attributes that are internal to g a ,...,g k . The 
encapsulation 

P = d H (( go , H (P Q )(DP 1 (D---(DP k ), 
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will, if successful, contain signed copies of the internal transactions of go. We 
can now focus on go by letting 

J = {a, +a, —a | a € in(go) U out(go)}, 

and selecting (see definition on page fTS)) on the attributes in this set: 

Selectj(P) 

shows all the transactions of go under influence of the encapsulation. 

Of course, we can also make all internal streams of the composition visible: 

d H (( g0tH ( p o) CD C 91 ,h(A) CD • • • CD C gk M(Pk))- 
Example 5. Consider the following network: 



g — » h 



Take unit specifications 



and observe that 



P 9 = a(-l)®6(l), 
P h = b(-l) (D c(l), 

d {b} {P g d)P h ) =a(-l)®c(l). 



The encapsulation enforces synchronization on b, and leaves no trace of this 
synchronization. 
Now consider 

P = d {b} (C g , {b }{Pg) CD Ph) = o(-l) © +6(1) © c(l) 

where the signed copy of the internal outflux of g on b remains visible. Finally, 
let 

J = {a, +a, —a | a G ^(g) U out(g)}, 

and find 

Select j(P) =a(-l) 0+6(1). 

5 Function Definition and Binding 

We extend Tuplix Calculus with a construct to define data functions, and with 
summation over functions. We only sketch how this extension can be achieved; 
a fully worked-out technical account is future work. We extend the signature 
of the data type with lambda abstraction and application in order to express 
functions. For example, 

Xx.x + x 
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is the function that doubles its argument, and 

(Xx.x + x)2 

is the function applied to argument 2. Adopting /3-conversion as usual, this 
reduces to 2 + 2. We also assume standard a-conversion (renaming of bound 
variables). We further assume for each arity a set of function variables. If / is 
a function variable of arity fc, we write 

for the application of / to arguments t\, . . . , tk- We write Xx.t(x) for the lambda 
abstraction over some given, implicit number of variables x, and f(x) for the 
application of / to arguments x, where the number of arguments is always 
assumed to be equal to the arity of /. 
A function definition 

/ = Xx.t(x), 

where / is a function variable, is expressed in the Tuplix Calculus by the con- 
struct 

T(f,Xx.t(x)), 

and we would have, e.g., 

Xx.x + x)(D a(/(l)) = r(/, Xx.x + x)(D a(2). 
To derive such identities we adopt the axiom scheme 

Xx.t(x)) = Xx.t(x)) © 7 (/(5) - *(*)), (FD) 

for any data terms s. 

Final step: we extend Tuplix Calculus with summation over function 
variables /. This is very similar to summation over data variables. 

With these features we can define and use functions in a 'let-like' manner in 
specifications. The general form 

£/(T(/. Xx.t(x))(DP) 

may be read as 'let / be defined as Xx.t(x) in tuplix P.' 

For an example application we refer to [1] . In that paper we define a budget 
allocation to faculties at a university-level. The allocation for a faculty F can 
be given by a faculty-independent function /, which takes as input a number of 
parameter values specific to F. So, say that 

r(/, xx.t(x)) 

defines /, and that the allocation to F is defined as /(ij?). The total of budget 
allocations is then specified by 

E/(r(/, Xx.t(x)) CD (D F (a F (f(x F )))), 

where ap is a channel name used in the transfer of money to F. 
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A Derivations 

Note: a zero test j(t — s) may be written as j(t = s). 
Derivation for Example [3) 

B = d {aMM] {S(DQ(DP 1 (DP 2 ) 

= 0{a,6i,6 a }( 

a(rew ■ {n\ + n 2 )) 

£ tt (a(-u) c ( fc ■ «) ® (1 - *) ■ (&i(«/ 2 ) ® fe 2 (u/2))) CD 
£ u (&i(-«)CDdi(u))<D 

E„(6a(-«) 

— X/u,D,u)^{a.&i,&2}( 

a(rew ■ (m + 712)) CD 

a(-u) CD c(& • u) (1 - fe) • (h(u/2) CD b 2 (u/2)) CD 
61 (-u) CD rfi(w) 
6 2 (-10) (DffeW) 
= E„,„(7(« = rew • (ni + n 2 )) CD 
7 (u = (1 - fc)tt/2) CD 
7O = (1 - fc)u/2) © 
c(k ■ u) CD CD d 2 (w)) 

= J2u("?( u = • ("1 + "2)) CD 
c{k ■ u) CD 

(l-k)-{d 1 (u/2)(Dd 2 (u/2))) 

Derivation for Example 2J 

Pa = d [aubuCo} (Q CD R CD Ri) 
= 9{ au b UCo }( 

c (—pw) d (—inco) b\{k ■ inc ) CD eo(pw + (1 — k) ■ inco) 

T,u,v <w ,xn f { u + V = w + X ) cd 

oo(-u) 6o(-«) c (w) ai(af) 

Ev, W 7K + "' = »' + ^)© 

oi(-u') h(-v') ci(w') a 2 {x')) 

y(u + v = w + x) 7(1/ + i/ = 11/ + a;') 
rf (— mco) e (pw + (1 — k) ■ inc ) 
a (-u) 6 (-w) ci(w') a 2 (x') 
9j?(c (-pw) &i(fc ■ mc ) 

cq(iu) 01 (a;) oi(-u') 61 (-«')) 
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^2tu,u' ,w,w' ,x,x' 

j(u + v = w + x) CD ~/(u' + v' = w' + x 1 ) CD 
d (—inc ) CD e (pw + (1 — fc) ■ inc ) CD 
a (-u) CD 6 (-w) ci(w') © a 2 (V) ® 
7(u> — pw) CD 7(1/ = k ■ mco) CD 7(2; = u') 

j(u + v = pw + w' + x' — k ■ inc ) CD 
do(-inco) CD eo(pw + (1 — k) ■ inc ) CD 
a {-u) CD b {-v) ® ci(w') ® a 2 (x') 

7(w + U = W + X + — fc • fflCo) CD 

ao(-w) CD feo(-w) ® do(-inco) CD 
a 2 (x) CD ci(w) CD e {pw + (1 — k) ■ inco) 

a {-u) CD fro(-w) CD d (-inc ) CD 

a 2 {x) CD ci(w) ® e (pw + (1 - k) ■ inc )) 

5{a 2 ,6 2 ,c l} (^0CD0lCD^2) 
d{a 2 ,&2,ci}( 

7(1* + t; = to + x + — k ■ mco) CD 
<zo(— u) CD fco(-w) CD rfo(-iwco) CD 
a>2{x) CD ci(w) ® e (pw + (1 — fc) • mc ) CD 
Ci(— pw) CD mci) CD 

6 2 (fc • mci) CD ei(pw + (1 — fc) • inc\) CD 

7(u + v = w + x) CD 

a2(-u) CD 6 2 (-f) CD c 2 (w) CD a 3 (x)) 
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£-*/UiV,W,%,u' ,w / 

j(u' = x) © 7(« = k ■ inci) CD 7(10 = pw) © 
7(u + v = id + x + pw — k ■ mco) © 
ao(— © 6 (— v) © do(— mco) © 

e${pw + (1 — fe) • mco) © 

inci) © 

e\{pw + (1 — fe) ■ mci) 
+ u' = to' + a/) © 
02(10') © a 3 (x') 

7(1* + t> = x + 2pw — k ■ inco) © 
7(2: + k ■ inci = w' + x') © 
£Iq(— u) © b (— v) © do(— mco) © 

eo(pw + (1 — fe) • mco) © 
cii(— inci) © 

e\{pw + (1 — fe) • inci) 
02(10') © 03 (a;') 

7(1* + v — w + x + 2pw — fe ■ (inco + inc\)) © 
a (-u) © b (-v) © 
do(-inco) © eo(pw + (1 — fe) • inco) © 
dj(— mci) © ei(pio + (1 — fe) • inci) 
c 2 (w) © 03 (x) 
= #(5" 

a (-u) © 6 (-«) CD 
do(-inco) © eo(pw + (1 — fe) • mc ) © 
di(— inc\) © ei(pw + (1 — fe) • inc\) 
02(10) © 03(35)) 

B Primer on Tuplix Calculus 

This appendix is an excerpt from [5J. For further reading on meadows we refer 
to [7J [5] . We remark that the operators + for alternative composition and &h 
for encapsulation stem from the process algebra ACP [5] , see also [TJ [F • The 
summation operator (binding of data variables that generalizes alternative 
composition) is also part of the specification language /iCRL [9 , which combines 
ACP with equationally specified abstract data types. 
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B.l Cancellation Meadows 



Tuplix Calculus builds on a data type for quantities. This data type is required 
to be a non-trivial cancellation meadow, or, equivalently, a zero-totalized field [7, 
[S]. A zero-totalized field is the well-known algebraic structure 'field' with a 
total operator for division so that the result of division by zero is zero (and, for 
example, in a 47-totalized field one has chosen 47 to represent the result of all 
divisions by zero). 

A meadow is a commutative ring with unit equipped with a total unary 
operation (_) _1 named inverse that satisfies the axioms 

(x" 1 )" 1 = x and x ■ (x ■ = x, 

and in which CP 1 = 0. For Tuplix Calculus we also require the cancellation 
axiom 

x ^ & x ■ y — x ■ z =>• y = z 

to hold, thus obtaining cancellation meadows, which we take as the mathemat- 
ical structure for quantities, requiring further that ^ 1 to exclude (trivial) 
one-point models. These axioms for cancellation meadows characterize exactly 
the equational theory of zero- totalized fields [5]. The property of cancellation 
meadows that is exploited in the Tuplix Calculus is that division by zero yields 
zero, while x ■ x^ 1 — 1 for x ^ 0. 

We define a data type (signature and axioms) for quantities which comprises 
the constants 0, 1, the binary operators + and •, and the unary operators — and 
(_) . We often write x — y instead of x + (— y), x/y instead of x ■ y , and xy 
instead of x ■ y, and we shall omit brackets if no confusion can arise following 
the usual binding conventions. Finally, we use numerals in the common way (2 
abbreviates 1 + 1, etc.). The axiomatization consists of the cancellation axiom 

x ^ & x ■ y = x ■ z y — z, 

the separation axiom 

0^1, 

and the following 10 axioms for meadows (see [S]): 



(x + y) H 


- z 


= x - 




+ z), 


x-\ 


-y 


= y- 


\-x. 




2H 


-0 


= x, 






x + (- 


x) 


= 0, 






{x ■ y) 


• z 


= x ■ 


(y 


*), 


X 


■y 


= y ■ 


X, 




1 


■ X 


= x, 






x ■ (y + 


*) 


= X ■ 


y + 





(x- 1 )- 1 =x, 
x ■ (x ■ x^ 1 ) = X. 



14 



The following identities are derivable from the axioms for meadows. 

(0)^=0 

HO" 1 = -(x~ 1 ) 
(x ■ yY 1 = aT 1 ■ y^ 1 
0-x = 
x--y = -(x ■ y) 
— (— x) = x 

Furthermore, the cancellation axiom and axiom x ■ (x ■ x^ 1 ) = x imply the 
general inverse law 

x ^ => x ■ x^ 1 = 1 

of zero-totalized fields. 

B.2 Basic Tuplix Calculus 

Core Tuplix Calculus (CTC) is parametrized with a nonempty set A of at- 
tributes. Its signature contains the constants e (the empty tuplix) and S (the 
null tuplix), and two further kinds of atomic tuplices: entries (attribute- value 
pairs) of the form 

a(t) 

with a £ A, and t a data term, and, for any data term t, the zero test 

l(t) 

("f ^ A). Finally, CTC has one binary infix operator: the conjunctive composi- 
tion operator ©. This operator is commutative and associative. Axioms are in 
Tabled 

In CTC, a tuplix is a conjunctive composition of tests and entries, with e 
representing an empty tuplix, and S representing an erroneous situation which 
nullifies the entire composition. Entries with the same attribute can be com- 
bined to a single entry containing the sum of the quantities involved. 

A zero test j(t) acts as a conditional: if the argument t equals zero, then 
the test is void and disappears from conjunctive compositions. If the argument 
is not equal to zero, the test nullifies any conjunctive composition containing it. 
Observe how we exploit the property of zero-totalized fields that t/t is always 
defined, and that the division t/t yields zero if t equals zero, and 1 otherwise. 
Further note that an equality test t = s can be expressed as j(t — s). 

A tuplix term is closed if it is does not contain tuplix variables and also does 
not contain data variables. A tuplix term is tuplix- closed if it does not contain 
tuplix variables (but it may contain data variables). 

The tuplix calculus is two-sorted. On the tuplix side we have the axioms 
ITlHTlOl and we use the proof rules of equational logic. On the data side, we 
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Table 1: Axioms for Basic Tuplix Calculus 



X(DY 


= Y(DX 


(Tl) 


(X CD Y) CD Z 


= X<D(Y<DZ) 


(T2) 


X ©e 


= X 


(T3) 


X<DS 


= s 


(T4) 


a(x) CD a(y) 


= a(x + y) 


(T5) 


7(») 


= i{x/x) 


(T6) 


7(0) 


= £ 


(T7) 


7(1) 


= <5 


(T8) 


7(z)®7(2/) 


= -){x/x + y/y) 


(T9) 


7(1 - y) CD a(x) 


= l{x - y) CD o(y) 


(T10) 


x + r 


= y + X 


(CI) 


(X + Y) + z 


= X + (Y + Z) 


(C2) 


x + x 


= X 


(C3) 


X + 5 


= X 


(C4) 


X(D{Y + Z) 


= (X (D Y) + (X (D Z) 


(C5) 


■y(x)+j(y) 


= l(xy) 


(C6) 
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refrain from giving a precise proof theory. The rule I DeI lifts valid data identities 
to the tuplix calculus: for all (open) data terms t and s, 

V^t = s implies 7 (i)= 7 (s), (De) 

where T> (a non-trivial cancellation meadow) is our model of the data type. 
This axiom system with axioms [TTlTr 101 plus proof rulc lDEl is denoted by CTC. 

The axiom system CTC is extended to Basic Tuplix Calculus (BTC), by 
addition of the binary operator + called alternative composition or choice to 
the signature, and by adoption of axioms [CTT4C6I (see Table [T]). 

The following two proof rules are derivable: 

V\=t = s implies P[t/x] = P[s/x], 

and 

P CD 7(0; — t) = P[t/x] CD j(x - t), 

for tuplix terms P and with substitution P[t/x] defined as usual for two-sorted 
equational logic (replacement of all data variables x in P by t). 

B.3 Zero- Test Logic 

We present some observations on the use of the zero-test operator which lead 
to a simple logic. 

First, the empty tuplix e with e — 7(0) by axiom [T7l may be read as 'true', 
and the null tuplix 6 with S — 7(1) by axiom [T8l may be read as 'false'. 
Negation. Define the test 'not x = 0' by 

7(0;) = 7(1 — x/x). 

Conjunctive composition of tests may be read as logical conjunction: 

7(2;) CD 7(2/) = j{x/x + y/y) 

tests 'x = and y = 0'. 

Alternative composition of tests may be read as logical disjunction: 

70) +i(y) ^ 7(3 ■ y) 

tests l x = or y = 0'. 

A formula would then be a tuplix-closed (no tuplix variables) BTC term 
without entries. Any formula can be expressed as a single test j(t) using ax- 
ioms [T7HT9] and [C6l and the definition of negation. We find that this logic has 
all the usual properties. Clearly, conjunction and disjunction are commutative, 
associative, and idempotent, and it is not difficult to derive distributivity, ab- 
sorption, and double negation elimination. As usual, implication can be defined 
in terms of negation and disjunction: 

70) +7(y) = 7((! - x/x) ■ y) 
tests l x = implies y = 0'. 
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B.4 Generalized Alternative Composition and Auxiliary 
Operators 

The generalized alternative composition (or: summation) operator ^2 X is a 
unary operator that binds data variable x and can be seen as a data-parametric 
generalization of the alternative composition operator +. We add this binder 
to the signature of BTC and write FV(P) for the set of free data variables 
occurring in tuplix term P. We write Var(t) for the set of data variables oc- 
curring in data term t (there is no variable binding within data terms). Define 
substitution P[t/x] as: replace every free occurrence of data variable x in tuplix 
term P by the data term i, such that no variables of t become bound in these 
replacements. E.g., recall the proof rule 

P CD 7(2; — t) = P[t/x] (D j{x - t). 

This rule remains sound in the setting with summation, but application of the 
rule may require the renaming of bound variables in P, so that the substitution 
can be performed. When considering substitutions we implicitly assume that 
bound variables are renamed properly. The axiom schemes for summation are 
listed in Tabled 

Auxiliary Operators. For BTC with summation, we define three auxiliary 
operators: scalar multiplication, clearing, and encapsulation. Axioms are listed 
in Tabled 

• Scalar multiplication t ■ P multiplies the quantities contained in entries in 
tuplix term P by t. Axiom Sc7 is an axiom scheme with t ranging over 
data terms and P ranging over tuplix terms. 

• Clearing: For set of attributes I C A, the operator Ej(X) renames all 
entries of X with attribute in I to e. It "clears" the attributes contained 
in I. For a set of attributes J C A we further define 

Select j(X)^e A \j(X). 

This function allows to focus on those entries with attribute from J. 

• Encapsulation can be seen as 'conditional clearing'. For set of attributes 
H C A, the operator 8h(X) encapsulates all entries in X with attribute 
a £ H. That is, for a £ H, if the accumulation of quantities in entries with 
attribute a equals zero, the encapsulation on a is considered successful and 
the a-entries are cleared (become e); if the accumulation is not equal to 
zero, they become null (6). This accumulation of quantities is computed 
per alternative: the encapsulation operator distributes over alternative 
composition. 

We further define 

d H uH>(X)^d H od H >(X). 
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Table 2: Axiom schemes for generalization and auxiliary operators. Terms P 
and Q range over tuplix terms and t ranges over data terms. 





= P 


if a; ( 


1FV(P) 


(SI) 




= Y y P[y/A 


if y ( 


iFV{P) 


(S2) 


Y x (p®Q) 


= p®Y x Q 


if a; ( 


i FV(P) 


(S3) 


J2AP + Q) 


= Y x p + Y x Q 






(S4) 


£ B 7(*-*) 


= £ 


if x 


& Var(t) 


(S5) 


£ B 7(*-t) 


= £ 


if x 


$ Var(t) 


(S6) 


X ■ £ 


= £ 






(Scl) 


x ■ S 


= 5 






(Sc2) 


x • 7(y) 


= 7(2/) 






(Sc3) 


x ■ a(y) 


= a(x ■ y) 






(Sc4) 


x ■ (X <D Y) 


= x ■ X (Q x ■ Y 






(Sc5) 


X ■ (A + Y ) 


— :r - + x ■ Y 






[OCO J 


t-Y p 


= E W (*--P) 


if y 


£ Var(t) 


(Sc7) 


e/(e) 


= e 






(Cll) 


E/ (<5) 


= 5 






(C12) 


£7(7(3)) 


= 7(a) 






(C13) 


ej(o(a;)) 


Je if tie! 
[0(1) otherwise 






(C14) 


£i(X®F) 


= e/(X)(De/(F) 






(C15) 


ei(X + Y) 


= e/(X)+e/(F) 






(C16) 


ei(Y x P) 


= Y x (zdP)) 






(C17) 


d H (e) 


= e 






(El) 


d„(S) 


= 5 






(E2) 


9h{i{x)) 


= 7(*) 






(E3) 


d H {a(x)) 


(7(2:) if a G H 
1 a(a) \i a^H 






(E4) 


> H (X(Dd H (Y)) 


= d H {X)Od H (Y) 






(E5) 


d H (X + Y) 


= d H (x) + d H (Y) 






(E6) 


9h(Y x P) 


= Y x (9h(P)) 






(E7) 
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